360
Information Security

The Magnificent 7

What Is It?

Syslog-NG is a replacement for the standard UNIX syslog daemon, the software that handles system-wide logging. As with the original syslog, you can send your Windows logs over a network to a central syslog-ng host. It provides all the functionality of the "old" syslog, with enhancements in security, robustness and flexibility.

How did it come about?

Balázs Scheidler's Syslog-NG was originally based on a software package named nsyslog, written by Darren Reed, but his future plans soon necessitated an independent re-implementation. "I always wanted to improve stock syslogd, as I regularly had problems locating a specific log message in the vast number of output files that syslogd produces. I found the facility/priority-based filtering inadequate for log sorting, so I attempted to create a more flexible system. That's syslog-ng."

Where would I use it?

Syslog-NG is of particular use on loghosts, servers on which you concentrate log events from networked systems. A loghost must accept multiple streams of log events from remote systems and store them locally for future analysis and archival. Performance and a low loss rate are important here, and Syslog-NG provides both.

Why is it so good?

Syslog-NG is popular because it improves upon traditional syslog with far more powerful configuration, yet keeps enough in common with it that users familiar with the standard OS syslog will quickly be at home. Improvements over standard syslog include:

  • Filtering based on message content
  • Message integrity, and soon message encryption
  • Greater portability between operating systems
  • Better network forwarding
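As an added illustration of the loghost role and of the content filtering and network forwarding listed above, here is a central loghost configuration. It is not from the article or from the syslog-ng project; it assumes the syntax of Syslog-NG 3.x (which postdates this column), and the `loghost.example.com` name and the log paths are placeholders.

```conf
@version: 3.29
# Added example (not from the article): a central loghost syslog-ng.conf.
# Assumed: Syslog-NG 3.x syntax; hostnames and paths below are placeholders.

# --- Loghost side: accept events from the network and from the local host ---
source s_local { system(); internal(); };

# TCP keeps message ordering and avoids the silent packet loss of UDP syslog;
# UDP is kept only for devices that cannot send anything else.
source s_net {
    network(ip("0.0.0.0") port(514) transport("tcp"));
    network(ip("0.0.0.0") port(514) transport("udp"));
};

# Content-based filters: select by program name and by message text,
# not only by the facility/priority pair that stock syslogd offers.
filter f_auth_fail {
    program("sshd") and match("Failed password" value("MESSAGE"));
};
filter f_not_debug { level(info..emerg); };

# Store per sending host and per day, so one box's history is easy to locate.
destination d_by_host {
    file("/var/log/syslog-ng/${HOST}/${YEAR}-${MONTH}-${DAY}/messages"
         create_dirs(yes) owner("root") group("adm") perm(0640));
};
destination d_auth_fail {
    file("/var/log/syslog-ng/auth-failures.log" create_dirs(yes) perm(0640));
};

# Log paths: everything above debug goes to the per-host archive,
# and SSH authentication failures are additionally copied to one file.
log { source(s_net); source(s_local); filter(f_not_debug); destination(d_by_host); };
log { source(s_net); source(s_local); filter(f_auth_fail); destination(d_auth_fail); };

# --- Client side (a separate syslog-ng.conf on each forwarding host) ---
# source s_local { system(); internal(); };
# destination d_loghost { network("loghost.example.com" port(514) transport("tcp")); };
# log { source(s_local); destination(d_loghost); };
```

Check a configuration before deploying it with `syslog-ng --syntax-only -f /etc/syslog-ng/syslog-ng.conf`. The per-host directory layout keeps each sender's events together, which is what makes the "locate a specific log message" problem from the interview tractable on a busy loghost; restrictive file permissions matter because a loghost aggregates authentication and kernel events from every system that forwards to it.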

Who uses it?

Syslog-NG is widely used and/or recommended by most logfile management vendors. Exaprotect, the Security Event and Information Management company, recommends Syslog-NG, and Splunk, the logfile management company, uses it. If you have any particularly ingenious syslog-ng configurations, send them to us (anonymised if you wish). If we get enough material there may be an article on some of the best examples.

Where do I start?

http://bazsi.blogspot.com
